This investigation was featured in Datanews on 17/09/2018. NL versie: zie onder.

In an in-depth investigation into the IT security of Belgian companies, Awingu was able to identify 8.803 organizations that run a high risk of hacking. We did specific research on IP addresses that were connected to unprotected Remote Desktop Servers (based on the Remote Desktop Protocol). Microsoft’s RDP is a very popular server-based computing technology, but in its bare form, it offers insufficient protection. By implementing Awingu on top of RDP, you can greatly reduce the security risk of your IT environment.

RDP is one of the most used IT solutions in the world. Via the RDP client, an application that needs to be installed on the user’s device (e.g. a laptop), you allow users to access a desktop or application remotely. Typically, this is used to enable employees to use their software both inside and outside of the company. RDP is a low-threshold solution, and the addition of security is sometimes omitted: extra security measures (e.g. firewall rules or access control lists) mean added complexity for the IT administrator (and the user).

However, leaving your RDP environment without protection is not without risks: ‚Since 2002, 20 Microsoft security updates have been released specifically for RDP, and people now know of at least 25 vulnerabilities (CVEs) that malicious parties can exploit without much effort. With that in mind, you must be crazy not to add an extra layer of security to your environment‘, Kurt Bonne (CTO Awingu) teaches us.

After analysis based on data made available by search engine Shodan, Awingu achieved the following spectacular result: almost 9.000 RDP endpoints are currently publicly available in Belgium. This means that these are accessible to everyone via the internet – even if no secure connection, facilitated by the organization, is established. In other words, these are not or insufficiently protected and have an unmistakable potential to be hacked. Such companies with an open RDP environment are therefore advised to do something about this as quickly as possible.

Open RDP endpoints occur everywhere in Belgium: any form of geographical concentration we noticed in our research corresponds to industry density. In other words, it is a global problem that does not seem to affect any region in particular. If we map out the impacted companies – or at least the location of their data center – this results in the following:

Locations of open RDP endpoints Belgium – July 2018, Awingu

The Remote Desktop protocol was originally developed to be used primarily on an internal company network. Making your environment directly available via the internet may be possible, but it is advised to take at least several security measurements beforehand. You can find several methods to protect your environment on the web that, although they’re sometimes outdated, are very relevant and necessary to ensure a minimum of security.

In the more recent RDP versions, Microsoft paid great attention to the safety aspect, not only by adding more possibilities but also by offering more intelligent default settings. You would, therefore, think that it is a ’no-brainer‘ to at least upgrade your RDP environment to the latest version, but often older applications are not always compatible, and the older versions are kept out of necessity.

Insufficient security at RDP ports is a universal problem in Belgium that is not regionally bound and prevents companies affiliated with any provider, large or small. It is therefore highly recommended that you review the situation at your company and, if necessary, place an extra layer of security on top of your environment. If you do not do that, you run a considerable risk of being hacked at any given moment. Awingu is a solution that offers companies this extra security.

Awingu facilitates a solution for this problem with our Unified Workspace. When using it, you connect to the application or desktop via a browser – and no longer via an RDP client. This means that people with bad intentions can no longer exploit the weak points of an unprotected RDP access. To maximize protection through the browser access, Awingu implements the following security measures:

Multi-factor authentication: Awingu comes with a built-in MFA solution, and can (if necessary) easily integrate your current method of authentication. By adding MFA you ensure that the ‚brute force attacks‘ are no longer possible.

SSL without hassle: use your own certificates or switch SSL via the built-in Let’s Encrypt integration with just a single mouse click.